Re: Anit-Virus help for all of us??????

2003-11-26 Thread Petri Helenius
Dave Howe wrote:

> perhaps a migration to linux is in order? after all, it's free(ish),
> doesn't care too much about marketing deadlines, and if you start them
> young enough, KDE or Gnome is certainly no harder to learn than
> windows.
 

Why stop at an intermediate step but migrate to free OS while we are at it?
Like FreeBSD, NetBSD or OpenBSD.
Pete




Re: Anit-Virus help for all of us??????

2003-11-26 Thread Cliff Albert

On Mon, Nov 24, 2003 at 02:31:42PM -0800, Henry Linneweh wrote:

> The latest Zone Alarm Pro also invites subscribed users to participate in creating a 
> more robust solution

The latest Zone Alarm also creates a nice DDoS to your ISP's DNS servers
if lockup.zonelabs.com can't be resolved (as we found out the hard way
here in Europe after the Above downtime).

-- 
Cliff Albert| RIPE:  CA3348-RIPE | https://oisec.net/
[EMAIL PROTECTED]   | 6BONE: CA2-6BONE   |
PGP Fingerprint = 9ED4 1372 5053 937E F59D  B35F 06A1 CC43 9A9B 1C5A


Re: Anit-Virus help for all of us??????

2003-11-25 Thread Valdis . Kletnieks
On Tue, 25 Nov 2003 13:21:36 EST, Wojtek Zlobicki <[EMAIL PROTECTED]>  said:
> I would hate to blame the users here.  In most organizations it is the
> role of the IT Dept to manage the workstations and not end users.

Remember that Joe Sixpack's IT Dept may not be available past 9:30PM
because it's a school night

Yes, in large organizations, it's the IT Dept's problem.  However, I'm
fairly sure that the vast majority of PC's are home/SOHO/small company
boxes that don't have an IT Dept.  I know for a fact that a music store
I do a lot of business with had their computer (singular) set up by a
college kid who got paid in guitar gear and then split town.  It's worked
for 4 years, and the store owner figures it will cost him another guitar
to get it fixed if it ever breaks. :)






RE: Anit-Virus help for all of us??????

2003-11-25 Thread Wojtek Zlobicki

I would hate to blame the users here.  In most organizations it is the
role of the IT Dept to manage the workstations and not end users.
Severely restricting users' privileges is often a good thing, at least
from the perspective of being able to control what gets installed on the
machines in question.  Having consistent hardware and software images
also helps (where rooted boxes are quickly re-imaged), as well as having
a good distributed anti-virus solution.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Ryan Dobrynski
Sent: Tuesday, November 25, 2003 12:21 PM
To: [EMAIL PROTECTED]
Subject: Re: Anit-Virus help for all of us??




Having sat up until the wee hours of the AM last night cleaning up virus
traffic on one of my private nets (an inhouse private net at that) I was
giving this some thought. It seems that as with all things, knowledge is
power. While all of the machines on the floor where the net op's team
lives were fine (mostly Windows), the entire call center was infected
(entirely Windows). When I went downstairs and spoke with them I was
surprised (ok not really) to find that none of them knew how to run
Windows Update or had ever heard of the XP firewall feature.




RE: Anit-Virus help for all of us??????

2003-11-25 Thread Vivien M.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Ryan Dobrynski
> Sent: November 25, 2003 12:21 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Anit-Virus help for all of us??
> 
> like everyone else, I don't have the answer. Just another way 
> of looking at it. I have learned however that trying to fix a 
> behavioral problem with technology generally doesn't work. 
> Until "the users" in general get a little smarter about 
> their new toy, things won't get much better.

No, the solution seems to me to increase the liability involved. If a couple
of people who neglected to take care of their computers got hauled into
court and made to pay a fine and/or spend a few weeks in a jail cell, and if
the mainstream media got to watch (and didn't take a "those poor people"
stance that makes the whole initiative look bad), things would change.

Fact is, if I don't properly maintain my brakes on my car and I crash into
something/someone, there will be legal consequences enforced with the full
coercive power of the government. If I don't properly maintain my computer
and as a result, it harms someone else (eg: by allowing others to use it for
DDoSing that other person's network), there should also be serious legal
consequences. And just like saying "Oh, I didn't know brakes weren't
supposed to last for 15km" wouldn't be an acceptable excuse for my
poorly-maintained car harming others, neither should "I didn't know that
computers needed regular security updates" be an excuse for me to have a
virus/trojan/etc-infected computer that harms others.

Yes, this is a political solution, but this is a political and social (and
economic, to a lesser extent) problem, not a technological one. When
technology has the potential to cause harm, it (except for computer
technology) is regulated to limit the amount of harm that is done.

Vivien
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/ 



Re: Anit-Virus help for all of us??????

2003-11-25 Thread Ryan Dobrynski


Having sat up until the wee hours of the AM last night cleaning up virus
traffic on one of my private nets (an inhouse private net at that) I was
giving this some thought. It seems that as with all things, knowledge is
power. While all of the machines on the floor where the net op's team
lives were fine (mostly Windows), the entire call center was infected
(entirely Windows). When I went downstairs and spoke with them I was
surprised (ok not really) to find that none of them knew how to run Windows
Update or had ever heard of the XP firewall feature. They are in the
process of being jailed behind their own NAT with heavy ACLs. It's
something of a difficult spot. Modern society does not hand out cars to
every Tom that can afford one. They make you pass a test and obtain a
license first. Why? Because if you don't know what you're doing and
understand some basic safety procedures, you are a danger to other people.
But any Joe with $400 can get on the internet and cause havoc. Now
understand me here, I'm not trying to start a "we should license internet
users" war here. That would be silly. The trick here lies in this: the
gvmt (I'm speaking of US roadways here) has something to the effect of a
monopoly on roads. Don't want to get their license? Don't drive on their
roads. The internet doesn't have that simplicity. So the question is: how
to convince "the users" that there are things they really should know and
practice in the interest of everyone's safety? Unfortunately like everyone
else, I don't have the answer. Just another way of looking at it. I have
learned however that trying to fix a behavioral problem with technology
generally doesn't work. Until "the users" in general get a little smarter
about their new toy, things won't get much better.



That said someone made an interesting comment pertaining to whom it was
that was selling the vulnerable machines. While not particularly useful
for much, it might be amusing to get some nice granular data on infected
hosts' brand names. Be entertaining to see whose default config is the least
virus prone.

Anyway. Just a thought I had been muddling with hehe. Sorry to clutter the
list with it. If anyone wants to chat about it drop me a line off list.


> Er... two or three obvious reasons - there might be more.
>
> # Users not updating their virus / firewall definitions, not paying for
> new definitions after their year of free definitions is done.
>
> # Users leaving open windows shares, clicking on random windows
> attachments etc
>
> # Viruses keeping one step ahead of antivirus vendors



Ryan Dobrynski
Hat-Swapping Gnome
Choice Communications


Like the ski resort of girls looking for husbands and husbands looking
for girls, the situation is not as symmetrical as it might seem.



Re: Anit-Virus help for all of us??????

2003-11-25 Thread Sean M . Doran


On 24 Nov, 2003, at 21:20, Gerardo Gregory wrote:

> [NAT and PAT] is not a security feature, neither does it provide any 
> real security, just ... translations.

"You can't curse it if you don't know its name" -- Len Bosack on this 
issue, Reykjavik, March 2003.

> Just cause your broadband router (ahem, switch) vendor states that NAT 
> (in reality PAT) as one of their security 'knobs' does not make it in 
> any way a security feature when implemented.

Oh drat.  So much for Len.

	Sean.



RE: Anit-Virus help for all of us??????

2003-11-25 Thread Vivien M.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Brian Bruns
> Sent: November 25, 2003 10:21 AM
> To: Vivien M.; 'Daniel Karrenberg'
> Cc: [EMAIL PROTECTED]
> Subject: Re: Anit-Virus help for all of us??
> 

> I know full well about the resource limits.  It's a PITA, but 
> as long as you run a decent set of apps that don't suffer 
> from resource leaks (Mozilla without a GDI patch does this 
> for example) that eventually use up all GDI/USER memory, 
> you'll be fine.  I use Win98SE here all day with only one 
> reboot needed most days, and I run WinAMP, Putty, K-Meleon, 
> Outlook Express, Cygwin, mIRC, Xnews (which has a bad habit 
> of crashing the whole system at times), as well as AIM, 
> Miranda IM, SST, Yahoo Messenger, and various other tools.  
> That's all at once, multitasking.  I know, I could reduce the 
> clutter by letting Miranda IM do AIM and Yahoo, but that's not 
> the point. :-)
> 
> Many times, resource suckage comes from those ugly faceless 
> background programs that run at startup.  Kill as many icons 
> as you can on the desktop and the task bar, and clean out 
> your startup list, and you'll free up a lot of GDI resources.

You've just conceded that you reboot every day, and honestly, to do what you do
with Win98 SE, that's what's required. You've also conceded that how you use
your system is chosen based around those resource limitations: if $BROWSER_1
uses less resources than $BROWSER_2, that's what you'll use. If Win98 SE was
the only game in town, well, you could do that and curse Redmond every time
you reboot. However, it is NOT the only game in town. A reasonable OS
(Win2K/XP, Linux, etc) will let you run all the things you're running, and
will stay up for weeks unless your hardware really sucks.

Vivien
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/ 



Re: Anit-Virus help for all of us??????

2003-11-25 Thread Scott McGrath


The minimalist approach has support advantages as well.  Because of the 
small image size a reimage can be accomplished quickly. 

For better or worse many network tools/utilities only run under win[*], 
requiring a Windows box; for many of these Win98SE fits nicely.  My app 
load is small, i.e. browser, ssh client, sftp client and the inevitable 
Office suite.

We are primarily a [*]x house here but we do need Windows at times.



Scott C. McGrath

On Tue, 25 Nov 2003, Brian Bruns wrote:

> 
> - Original Message - 
> From: "Vivien M." <[EMAIL PROTECTED]>
> To: "'Daniel Karrenberg'" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Tuesday, November 25, 2003 9:39 AM
> Subject: RE: Anit-Virus help for all of us??
> 
> 
> 
> > Have either of you actually followed this advice?
> 
> > Win98SE is totally useless as a desktop OS due to the archaic GDI/USER
> > resource limits. When one average consumerish app (eg: a media player)
> > eats up 10% of those resources, one window in an IM program eats up 2%,
> > etc... it does not take much to bring down an entire system. Last time
> > I was running Win98SE (which is about 3 years ago), it took about 20
> > minutes after booting while running boring normal apps to get to a
> > dangerously low resource level (30%ish free). That machine got totally
> > unstable needing a reboot after about 3 days. On the same hardware
> > (with additional RAM), Win2K could easily run 3-4 weeks and run any app
> > I wanted just fine.
> > So, some people might say I'm a power user, but the average users I know
> > these days tend to multitask at least a web browser, an IM client with a
> > couple open windows, some bloated media player, perhaps a P2P app, and
> > some office app. This is already stretching Win9X to its limits, and I
> > would expect it to be worse (code just gets sloppier...) than it was
> > three years ago...
> 
> Yes I do follow my own advice.  Back from the days when I was an OEM, I
> still have a box full of win98SE cd packs/licenses for when I build people
> new machines.  It's what I put on them standard unless you ask for Win2k or
> XP or NT4 (or any other OS for that matter, ie Linux, BSD).
> 
> I know full well about the resource limits.  It's a PITA, but as long as you
> run a decent set of apps that don't suffer from resource leaks (Mozilla
> without a GDI patch does this for example) that eventually use up all
> GDI/USER memory, you'll be fine.  I use Win98SE here all day with only one
> reboot needed most days, and I run WinAMP, Putty, K-Meleon, Outlook Express,
> Cygwin, mIRC, Xnews (which has a bad habit of crashing the whole system at
> times), as well as AIM, Miranda IM, SST, Yahoo Messenger, and various other
> tools.  That's all at once, multitasking.  I know, I could reduce the clutter
> by letting Miranda IM do AIM and Yahoo, but that's not the point. :-)
> 
> Many times, resource suckage comes from those ugly faceless background
> programs that run at startup.  Kill as many icons as you can on the desktop
> and the task bar, and clean out your startup list, and you'll free up a lot
> of GDI resources.
> 
> 
> 
> 
> > No wonder people think Windows is unreliable. 98SE may be preferable
> > from a security-from-external-threats POV, yes, but for any type of
> > real use, it's useless. Not to mention the other quirks, like needing
> > to reboot to change network settings, the lack of any local security
> > (or even attempt at local security), etc. I'll take rebooting every
> > week or two for the latest XP security patch any day over rebooting
> > every day or two because Win98SE is an unreliable piece of poorly
> > designed legacy junk.
> 
> > The way I see it, there are two uses for 98SE (or 95, 98, Me, etc) in the
> > modern world:
> > 1) People who use their computers as game-only machines (or who dual
> > boot a real OS for non-game purposes)
> > 2) Advertising for $OTHER_OS, where $OTHER_OS can be Win2K, XP, or your
> > favourite Linux distro with KDE, GNOME, etc. Anything that actually WORKS
> > reliably.
> 
> Let's not forget those people who just don't have the CPU power or memory to
> support 2k or XP.
> 
> Just because something is new and 'improved' doesn't make it better.  Yes,
> 9x has a lot of legacy crap.  Yes, 9x has various issues with resource usage.
> But sometimes, it's just right.
> 
> --
> Brian Bruns
> The Summit Open Source Development Group
> Open Solutions For A Closed World / Anti-Spam Resources
> http://www.sosdg.org
> 
> The AHBL - http://www.ahbl.org
> 



Re: Anit-Virus help for all of us??????

2003-11-25 Thread William Allen Simpson

"Vivien M." wrote:
> 
> > if haveto(M$)
> >   use(W98SE);
> 
> Have either of you actually followed this advice?
> 
Yes.


> (30%ish free). That machine got totally unstable needing a reboot after
> about 3 days. On the same hardware (with additional RAM), Win2K could easily
> run 3-4 weeks and run any app I wanted just fine.
> 
ROFL. :-)  My relatives run their machine(s) for a couple of hours and 
turn them off.  My 3000+ customers are primarily dialup, and presumably 
turn them off, too.  If they didn't, the Nachi infections would be much, 
much worse.


> No wonder people think Windows is unreliable. 98SE may be preferable from a
> security-from-external-threats POV, yes, but 

This thread primarily concerns security.


> ... I'll take rebooting every week or two for the latest XP
> security patch any day over rebooting every day or two because Win98SE is an
> unreliable piece of poorly designed legacy junk.
> 
All M$ software is "an unreliable piece of poorly designed legacy junk."  
This is about which piece of junk to recommend to customers, that keeps 
support costs down, and Nachi et alia from showing up.


> The way I see it, there are two uses for 98SE (or 95, 98, Me, etc) in the
> modern world:
> 1) People who use their computers as game-only machines (or who dual boot a
> real OS for non-game purposes)

That's me, personally, for games that are not available for Macs -- 
after all, GreenDragon is a Mac game company!


> 2) Advertising for $OTHER_OS, where $OTHER_OS can be Win2K, XP, or your
> favourite Linux distro with KDE, GNOME, etc. Anything that actually WORKS
> reliably.
> 
Although we do run YellowDog Linux on old Mac hardware for much of  
our server needs, the security monitors and such run NetBSD or OpenBSD.  
Just had a Linux nameserver hacked the other day

I have horrible, horrible, support experiences with 2K and XP.  Every 
customer that I know runs XP has been infected with one thing or another.  
In the case of 2 DSL customers in particular, they seem to be infected 
again a week or two later, even tho' they swear that they applied all 
the patches.  This has been a major pain in support costs.

My brothers both run XP for Civ3 PTW, and both crash within a half hour 
or so, while the W98 machines just keep running that program all day, 
leading me to host on much slower W98 machines -- contrary to the usual 
instructions.  So, I can personally attest to "actually WORKS reliably."
-- 
William Allen Simpson
Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32


Re: Anit-Virus help for all of us??????

2003-11-25 Thread Brian Bruns

- Original Message - 
From: "Vivien M." <[EMAIL PROTECTED]>
To: "'Daniel Karrenberg'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, November 25, 2003 9:39 AM
Subject: RE: Anit-Virus help for all of us??



> Have either of you actually followed this advice?

> Win98SE is totally useless as a desktop OS due to the archaic GDI/USER
> resource limits. When one average consumerish app (eg: a media player)
> eats up 10% of those resources, one window in an IM program eats up 2%,
> etc... it does not take much to bring down an entire system. Last time
> I was running Win98SE (which is about 3 years ago), it took about 20
> minutes after booting while running boring normal apps to get to a
> dangerously low resource level (30%ish free). That machine got totally
> unstable needing a reboot after about 3 days. On the same hardware
> (with additional RAM), Win2K could easily run 3-4 weeks and run any app
> I wanted just fine.
> So, some people might say I'm a power user, but the average users I know
> these days tend to multitask at least a web browser, an IM client with a
> couple open windows, some bloated media player, perhaps a P2P app, and
> some office app. This is already stretching Win9X to its limits, and I
> would expect it to be worse (code just gets sloppier...) than it was
> three years ago...

Yes I do follow my own advice.  Back from the days when I was an OEM, I
still have a box full of win98SE cd packs/licenses for when I build people
new machines.  It's what I put on them standard unless you ask for Win2k or
XP or NT4 (or any other OS for that matter, ie Linux, BSD).

I know full well about the resource limits.  It's a PITA, but as long as you
run a decent set of apps that don't suffer from resource leaks (Mozilla
without a GDI patch does this for example) that eventually use up all
GDI/USER memory, you'll be fine.  I use Win98SE here all day with only one
reboot needed most days, and I run WinAMP, Putty, K-Meleon, Outlook Express,
Cygwin, mIRC, Xnews (which has a bad habit of crashing the whole system at
times), as well as AIM, Miranda IM, SST, Yahoo Messenger, and various other
tools.  That's all at once, multitasking.  I know, I could reduce the clutter
by letting Miranda IM do AIM and Yahoo, but that's not the point. :-)

Many times, resource suckage comes from those ugly faceless background
programs that run at startup.  Kill as many icons as you can on the desktop
and the task bar, and clean out your startup list, and you'll free up a lot
of GDI resources.




> No wonder people think Windows is unreliable. 98SE may be preferable
> from a security-from-external-threats POV, yes, but for any type of
> real use, it's useless. Not to mention the other quirks, like needing
> to reboot to change network settings, the lack of any local security
> (or even attempt at local security), etc. I'll take rebooting every
> week or two for the latest XP security patch any day over rebooting
> every day or two because Win98SE is an unreliable piece of poorly
> designed legacy junk.

> The way I see it, there are two uses for 98SE (or 95, 98, Me, etc) in the
> modern world:
> 1) People who use their computers as game-only machines (or who dual
> boot a real OS for non-game purposes)
> 2) Advertising for $OTHER_OS, where $OTHER_OS can be Win2K, XP, or your
> favourite Linux distro with KDE, GNOME, etc. Anything that actually WORKS
> reliably.

Let's not forget those people who just don't have the CPU power or memory to
support 2k or XP.

Just because something is new and 'improved' doesn't make it better.  Yes,
9x has a lot of legacy crap.  Yes, 9x has various issues with resource usage.
But sometimes, it's just right.

--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The AHBL - http://www.ahbl.org



RE: Anit-Virus help for all of us??????

2003-11-25 Thread Vivien M.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Daniel Karrenberg
> Sent: November 25, 2003 3:42 AM
> To: William Allen Simpson
> Cc: [EMAIL PROTECTED]
> Subject: Re: Anit-Virus help for all of us??
> 
> 
> 
> On 24.11 18:20, William Allen Simpson wrote:
> > 
> > Brian Bruns wrote:
> > > 
> > > One thing that many people don't realize (from my personal 
> > > experience) is that contrary to popular belief, Win98SE is a good 
> > > all around desktop OS to use.  It can run most things like 
> > > productivity apps and games, and with 128-256MB of RAM, it's quite 
> > > fast even on an old laptop like mine.  Unlike XP, it doesn't have a 
> > > million services running, nor does it have the nasty UPnP stuff
> > > from WinME.
> 
> I agree wholeheartedly.
> 
> if haveto(M$) 
>   use(W98SE);

Have either of you actually followed this advice?

Win98SE is totally useless as a desktop OS due to the archaic GDI/USER
resource limits. When one average consumerish app (eg: a media player) eats
up 10% of those resources, one window in an IM program eats up 2%, etc... it
does not take much to bring down an entire system. Last time I  was running
Win98SE (which is about 3 years ago), it took about 20 minutes after booting
while running boring normal apps to get to a dangerously low resource level
(30%ish free). That machine got totally unstable needing a reboot after
about 3 days. On the same hardware (with additional RAM), Win2K could easily
run 3-4 weeks and run any app I wanted just fine. 

So, some people might say I'm a power user, but the average users I know
these days tend to multitask at least a web browser, an IM client with a
couple open windows, some bloated media player, perhaps a P2P app, and some
office app. This is already stretching Win9X to its limits, and I would
expect it to be worse (code just gets sloppier...) than it was three years
ago...

No wonder people think Windows is unreliable. 98SE may be preferable from a
security-from-external-threats POV, yes, but for any type of real use, it's
useless. Not to mention the other quirks, like needing to reboot to change
network settings, the lack of any local security (or even attempt at local
security), etc. I'll take rebooting every week or two for the latest XP
security patch any day over rebooting every day or two because Win98SE is an
unreliable piece of poorly designed legacy junk.

The way I see it, there are two uses for 98SE (or 95, 98, Me, etc) in the
modern world:
1) People who use their computers as game-only machines (or who dual boot a
real OS for non-game purposes)
2) Advertising for $OTHER_OS, where $OTHER_OS can be Win2K, XP, or your
favourite Linux distro with KDE, GNOME, etc. Anything that actually WORKS
reliably.

Vivien
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/ 



Re: Anit-Virus help for all of us??????

2003-11-25 Thread Dave Howe

Daniel Karrenberg wrote:
> I recommend that at home to all local primary schools.  They often do
> not have the latest hardware but some of them even run it on the
> latest hardware now.  This and frequent reloads of standard clean
> disk images tends to keep things clean and operational.  The image
> loads from a *nix server are routinely done by 10-year-olds.
Drivers are getting harder and harder to find for Win9x - even stuff that
was supported last year, seem to have "lost" the drivers from the manu
sites "we don't support Win9x anymore" *sigh*

> Unfortunately this is not a  really long term strategy.
> I expect apps that are essential to the schools but do
> not run on W98SE in the not-too-distant future.
I would be surprised. The upgrade treadmill is mostly there as a
money-tree for the manus - provided you have xxx licences for office 9x,
xxx licences for Windows 9x and supported hardware, you could probably go
on indefinitely. (Who can name a feature they use more than once a month
in Word or Excel post-97 that wasn't in 97? and most of those seem to have
been third-party available plugins that M$ have built into later versions)
My biggest problem with 9x boxen (and we support 400 here) is printer
drivers; printers wear out faster than anything else in an office
environment, and the latest and greatest don't come with 9x drivers any
more (but often generic or older drivers still work - I don't think this
will always be true though)

School apps are a world of their own anyhow - writers will target the
platforms available as that's where the sales are, not the platforms M$'s
games division writes for. In the 486 days you could *still* buy new
software for the BBC micro in the UK - simply because so many schools
still had them.

Expansion of your machine pool would be a nightmare though - you can't buy
versions of office or windows behind the leading edge any more, and
regardless more and more seem to require "activation" by being on the web
(not a good idea for an unpatched win9x box running unpatched office
suites, but then, isn't everyone on the web now?)

perhaps a migration to linux is in order? after all, it's free(ish),
doesn't care too much about marketing deadlines, and if you start them
young enough, KDE or Gnome is certainly no harder to learn than
windows.



Re: Anit-Virus help for all of us??????

2003-11-25 Thread Daniel Karrenberg

On 24.11 18:20, William Allen Simpson wrote:
> 
> Brian Bruns wrote:
> > 
> > One thing that many people don't realize (from my personal experience) is
> > that contrary to popular belief, Win98SE is a good all around desktop OS to
> > use.  It can run most things like productivity apps and games, and with
> > 128-256MB of RAM, it's quite fast even on an old laptop like mine.  Unlike
> > XP, it doesn't have a million services running, nor does it have the nasty
> > UPnP stuff from WinME.  

I agree wholeheartedly.

if haveto(M$) 
use(W98SE);

I recommend that at home to all local primary schools.  They often do
not have the latest hardware but some of them even run it on the latest
hardware now.  This and frequent reloads of standard clean disk images
tends to keep things clean and operational.  The image loads from a *nix
server are routinely done by 10-year-olds.  Unfortunately this is not a
really long term strategy.  I expect apps that are essential to the
schools but do not run on W98SE in the not-too-distant future. 
I guess they will have to find loads of money and buy macs then. ;-)

Daniel


Re: Anit-Virus help for all of us??????

2003-11-25 Thread Stephen J. Wilcox

> The average user will say "OOH! SHINY!! [clicky-click]" when offered content
> promising either dancing hampsters or pop stars wearing less clothing than
> appropriate. Any security model that doesn't allow for this is doomed to
> failure.

Introducing Telecomplete Security service, with antivirus, stateful content
based inspection firewall, and Hamster Protection (TM)

:)



Re: Anit-Virus help for all of us??????

2003-11-24 Thread William Allen Simpson

Brian Bruns wrote:
> 
> One thing that many people don't realize (from my personal experience) is
> that contrary to popular belief, Win98SE is a good all around desktop OS to
> use.  It can run most things like productivity apps and games, and with
> 128-256MB of RAM, it's quite fast even on an old laptop like mine.  Unlike
> XP, it doesn't have a million services running, nor does it have the nasty
> UPnP stuff from WinME.  

I agree!  I don't run much M$Windows, with the exception of dual boot 
for occasional games, but I stopped at 98SE, having had problems with 
everything later.

Unfortunately, I cannot keep my relatives and customers from buying 
new machines with XP, the worst thing I've seen yet.
-- 
William Allen Simpson
Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32


Re: Anit-Virus help for all of us??????

2003-11-24 Thread William Allen Simpson

[EMAIL PROTECTED] wrote:
> 
> The average user will say "OOH! SHINY!! [clicky-click]" when offered content
> promising either dancing hampsters or pop stars wearing less clothing than
> appropriate. Any security model that doesn't allow for this is doomed to
> failure.
> 
Yep.  I've already told the story about my niece a few months back -- 
right before my eyes.

The solution that's worked so far, keeping her machine clean for months: 
Norton AV can detect every attempt to write to an executable, and it 
turns off the Windows screen, takes over the display, flashes a big 
warning screen, and asks whether it should continue.  That causes the 
startled niece to go running to momma to call uncle.

Whatever we use has to be flashier than dancing hamsters

Of course, anything that happens too often will just get the OK option 
selected anyway.
-- 
William Allen Simpson
Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32


Re: Anit-Virus help for all of us??????

2003-11-24 Thread Henry Linneweh
The latest Zone Alarm Pro also invites subscribed users to participate in creating a 
more robust solution
 
-Henry

Niels Bakker <[EMAIL PROTECTED]> wrote:
* [EMAIL PROTECTED] (Richard Cox) [Mon 24 Nov 2003, 20:30 CET]:
>
> The latest version of Zone Alarm Pro does stop all applications from
> accessing the net outbound unless specifically authorised, and it does
> check the executable by checksum to make sure it hasn't been changed.

Right up to the moment the end user, annoyed by the continuous popups,
authorises mshtml.dll - which is used by several malicious-by-design
worms (including Outlook).

	-- Niels.

Re: Anit-Virus help for all of us??????

2003-11-24 Thread Brian Bruns

Being that I wasn't paying attention, here's the message I accidentally
responded to in private e-mail rather than the list...
-


- Original Message - 
From: "Jeff Shultz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 24, 2003 1:46 PM
Subject: Re: Anit-Virus help for all of us??



> You know that the best AV program in the world isn't going to amount to
> a hill of beans if the user doesn't 1. download updates, 2. run the
> occasional scan [1], and 3. pay for more updates past the 1 year mark
> (for those for which this is a requirement).

That's how they make money off of the antivirus stuff - the yearly
subscriptions.  Many people just go out and buy a new version of Norton
whenever their defs expire (yeah, I've done that before for my personal
machines, as sometimes they improve the detection stuff between versions -
like Norton 2002 adds script protection and better e-mail virus filtering).

The only completely and utterly free with no catches or nagware antivirus
software I know of is clamav.  But, it's only for UNIX/Linux (although people
have gotten it working in cygwin - I might just package it up for people and
make an installer for it).  Has an autoupdate script as well.  If someone
spent the time to play with it, who knows, it might be able to do realtime
scanning.  It's pretty fast too.


>
> Firewalls at least tend to be a bit more hands off... and I'd like to
> hear more about the "snake oil" parts. Doesn't the 1/2wall that XP
> ships with default to "disabled?"
>

Yep, though in SP2 for XP, it will be turned on by default, IIRC.

I actually like McAfee Personal Firewall Express (given away free by AOL to
all of their users), have it installed on my mother's Win98SE desktop and
works like a charm.  Not that many features or controls, so it's slightly
less confusing, but then again, you can't do very complicated stuff with it
either, so it's not good for everyone, but for someone like my mother, it's
more than enough.

I just can't stand personal firewalls on my machines though - they have this
nasty habit of either slowing down the machine, or causing issues with the
various tools I run.  Being that my primary machine is a PII 266mhz laptop,
I really can't handle a personal firewall dragging down my laptop.

> As for Malware... right now neither firewalls nor AV programs seem to
> stop its installation. Personally I wish that there was something that
> we could install on customer machines that would absolutely and totally
> block the installation of net.net stuff, to the point of deleting any
> installation files that have been downloaded.
>
> [1] When cleaning a customer's Nachi infected machine, I discovered
> that the installed copy of NAV was completely up to date - but a system
> scan hadn't been run since July 2002.

Spybot SD is a nifty program, installs some protection against malware that
gets delivered by IE, and is generally good at ripping it out if it does get
in.

One thing that many people don't realize (from my personal experience) is
that contrary to popular belief, Win98SE is a good all around desktop OS to
use.  It can run most things like productivity apps and games, and with
128-256MB of RAM, it's quite fast even on an old laptop like mine.  Unlike
XP, it doesn't have a million services running, nor does it have the nasty
UPnP stuff from WinME.  I've run my Win98SE laptop with Norton Antivirus
2002, Outlook Express, and K-Meleon 0.8 (even with its more annoying bugs)
as my primary browser and have never gotten infected by one of these mass
mailing worms, or the DCOM exploits, or IE exploits, etc.

The one thing I should mention though - I have a user, long time friend of
mine, I got her set up with WinXP last year, patched her, then installed
Norton Antivirus 2002, set it to autoupdate and do weekly scans (which, btw,
are on by default, but I check nonetheless), and turned on the XP firewall
and set it to block all inbound but RDP (so I could do remote management if
she needed it).  I also turned off auto-updating of Windows patches (since
I've had situations where my customer's machines have been trashed because
of bad/faulty patches).

The machine survived the RPC/DCOM exploit nightmares as well as rounds of
Outlook Express exploits with no problem.  I only recently fully updated her
machine with the latest patches (I didn't want to neglect her machine, but
being my recent bout of health problems and personal issues left me with no
choice).

Even if users don't take advantage of the built in windows update because
it's risky, you can still make sure that you have (autoupdated) AV and the XP
firewall, and you *should* be ok for the most part.  All you need to do is
make sure it is turned on.


On a side note

I've been developi

Re: Anit-Virus help for all of us??????

2003-11-24 Thread Niels Bakker

* [EMAIL PROTECTED] (Richard Cox) [Mon 24 Nov 2003, 20:30 CET]:
> 
> The latest version of Zone Alarm Pro does stop all applications from
> accessing the net outbound unless specifically authorised, and it does
> check the executable by checksum to make sure it hasn't been changed.

Right up to the moment the end user, annoyed by the continuous popups,
authorises mshtml.dll - which is used by several malicious-by-design
worms (including Outlook).


-- Niels.


Re: Anit-Virus help for all of us??????

2003-11-24 Thread Valdis . Kletnieks
On Mon, 24 Nov 2003 21:50:48 GMT, "Stephen J. Wilcox" said:

> Nor does it stop the user inviting an exploit to run on their PC, eg web 
> download, email attachment.. based on seeing plenty of virused/exploited 
> machines at companies I've worked at which all had AV, FW, NAT etc they still
> had the human factor who would override a warning because they got sent what 
> looks like a joke email with an attached .scr that later turns out to be a new 
> virus/worm..

The average user will say "OOH! SHINY!! [clicky-click]" when offered content
promising either dancing hamsters or pop stars wearing less clothing than
appropriate. Any security model that doesn't allow for this is doomed to
failure.



pgp0.pgp
Description: PGP signature


Re: Anit-Virus help for all of us??????

2003-11-24 Thread Stephen J. Wilcox

On Mon, 24 Nov 2003, Gerardo Gregory wrote:

> > # Machine behind NAT while it is being updated
> 
> NAT is not a security feature, neither does it provide any real 
> security, just one to one translations.  PAT falls into the same 
> category.  Just cause your broadband router (ahem, switch) vendor states 
> that NAT (in reality PAT) as one of their security 'knobs' does not make 
> it in any way a security feature when implemented.  Only thing that 
> might benefit is IPv4 address space.
> 
> Make a NAT Translation to a workstation (nothing else) and see if you 
> can still carry out some of the exploits making the rounds.

Nor does it stop the user inviting an exploit to run on their PC, eg web 
download, email attachment.. based on seeing plenty of virused/exploited 
machines at companies I've worked at which all had AV, FW, NAT etc they still 
had the human factor who would override a warning because they got sent what 
looks like a joke email with an attached .scr that later turns out to be a new 
virus/worm..

Steve



Re: Anit-Virus help for all of us??????

2003-11-24 Thread Scott Call

>
> NAT is not a security feature, neither does it provide any real
> security, just one to one translations.  PAT falls into the same
> category.

While it may not be a cure-all, a NAT solution offered by most entry-level
routers is an effective, if incomplete security tool.

While it does not prevent stupid user tricks (downloading malware,
misconfiguring NAT to allow incoming connections, etc) it does stop most
non-email worms in their tracks.

For example, from an nmap or other scan of the IP address of my home DSL
connection you would not see any interesting ports open, even if one or
more of the hosts behind the router were accessing content of some kind.

Worms that spread over open shares and insecure services (windows or
otherwise) do not ever hit any of the machines behind the NAT.

I, of course, run other security solutions (IDS detection/etc) to keep my
skills sharp, but I've been pleasantly surprised at the wherewithal of my
little Efficient router and its NAT implementation.  It's never allowed
any unwanted traffic through from the outside (port 135 crud/etc).

I always tell people that a NAT like this (rather than a 1:1 NAT or a NAT
with PAT holes to allow access to servers) "keeps honest people honest".
Could somebody figure out a way (TCP intercept, etc) to get to a machine
behind the NAT?  I suppose so, but like the blinking red light on the
dashboard of your car, it makes the lazy thief move on to the next car
that doesn't present the appearance of protection.



-Scott



-- 
Scott Call  Router Geek, ATGi, home of $6.95 Prime Rib
"These are the last days of peace in America as you know it.
And we will never be the same." -Mark Morford
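The distinction argued in this thread, many-to-one NAT (PAT) versus a 1:1 translation or a PAT "hole", shown as an added Python model that is not code from any poster. The class names, addresses and ports are constructed, and the PAT model assumes inbound packets are matched against the remote endpoint of an existing outbound flow (real devices vary in strictness).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)


class PatGateway:
    """Many-to-one NAT (PAT): inbound passes only if an outbound flow created
    a mapping for that remote endpoint, or a port forward ("hole") exists."""

    def __init__(self, public_ip, port_forwards=None):
        self.public_ip = public_ip
        self.next_port = 40000
        self.flows = {}      # (proto, public_port) -> (inside endpoint, remotes)
        self.by_inside = {}  # (proto, inside endpoint) -> public_port
        self.port_forwards = dict(port_forwards or {})

    def outbound(self, pkt):
        # Egress is never refused: translation is not an outbound filter.
        key = (pkt.proto, pkt.src)
        if key not in self.by_inside:
            self.by_inside[key] = self.next_port
            self.flows[(pkt.proto, self.next_port)] = (pkt.src, set())
            self.next_port += 1
        port = self.by_inside[key]
        self.flows[(pkt.proto, port)][1].add(pkt.dst)
        return Packet(pkt.proto, (self.public_ip, port), pkt.dst)

    def inbound(self, pkt):
        if pkt.dst[0] != self.public_ip:
            return None
        key = (pkt.proto, pkt.dst[1])
        if key in self.port_forwards:
            return Packet(pkt.proto, pkt.src, self.port_forwards[key])
        flow = self.flows.get(key)
        if flow and pkt.src in flow[1]:
            return Packet(pkt.proto, pkt.src, flow[0])
        return None  # no mapping: the packet has nowhere to go and is dropped


class StaticNat:
    """1:1 NAT: pure address rewriting, every port is reachable from outside."""

    def __init__(self, public_ip, inside_ip):
        self.public_ip, self.inside_ip = public_ip, inside_ip

    def outbound(self, pkt):
        return Packet(pkt.proto, (self.public_ip, pkt.src[1]), pkt.dst)

    def inbound(self, pkt):
        if pkt.dst[0] != self.public_ip:
            return None
        return Packet(pkt.proto, pkt.src, (self.inside_ip, pkt.dst[1]))


def demo():
    # Constructed sample traffic (documentation address ranges).
    pc, public = "10.0.0.5", "192.0.2.1"
    scanner, web = ("203.0.113.66", 51000), ("198.51.100.10", 80)
    pat = PatGateway(public)
    holed = PatGateway(public, {("tcp", 135): (pc, 135)})
    static = StaticNat(public, pc)
    probe = Packet("tcp", scanner, (public, 135))   # unsolicited port 135
    out = pat.outbound(Packet("tcp", (pc, 3456), web))
    return {
        "pat_unsolicited": pat.inbound(probe),
        "pat_reply": pat.inbound(Packet("tcp", web, out.src)),
        "pat_other_remote": pat.inbound(Packet("tcp", scanner, out.src)),
        "pat_with_hole": holed.inbound(probe),
        "static_unsolicited": static.inbound(probe),
        # An already-infected inside host connecting out is translated as usual.
        "pat_egress": pat.outbound(Packet("tcp", (pc, 3457), ("203.0.113.66", 25))),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20} -> {result}")
```

Only the plain PAT case drops the unsolicited port 135 packet; the 1:1 translation and the forwarded port both deliver it to the workstation, and the outbound connection from the inside host is translated without question in every case.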



Re: Anit-Virus help for all of us??????

2003-11-24 Thread Gerardo Gregory
Funny you mentioned ol' Joe...

An article in the paper today stated that only 33% of U.S. citizens are 
"Tech Savvy".  Meaning a lot of Joes out there are clueless

I bet ol' Joe's AV signatures were last updated in 98 or 99...

:)

G.

[EMAIL PROTECTED] wrote:

> On Mon, 24 Nov 2003 15:20:59 CST, Gerardo Gregory said:
>
> > I know Microsoft has a product that allows you to download patches to a 
> > centralized server (within your infrastructure) and lets you patch your 
> > internal systems from it.  Heard our MS admins talking about it a while 
> > back
>
> Two words: Joe Sixpack.
>
> Phrased differently - the sites that have enough clue and infrastructure to
> deploy that product are not, in general, the sites that are getting whacked
> the first time their single box connects to the net.


--
Gerardo A. Gregory
Manager Network Administration and Security
402-970-1463 (Direct)
402-850-4008 (Cell)

Affinitas - Latin for "Relationship"
Helping Businesses Acquire, Retain, and Cultivate
Customers
Visit us at http://www.affinitas.net


Re: Anit-Virus help for all of us??????

2003-11-24 Thread Valdis . Kletnieks
On Mon, 24 Nov 2003 15:20:59 CST, Gerardo Gregory said:

> I know Microsoft has a product that allows you to download patches to a 
> centralized server (within your infrastructure) and lets you patch your 
> internal systems from it.  Heard our MS admins talking about it a while 
> back

Two words: Joe Sixpack.

Phrased differently - the sites that have enough clue and infrastructure to
deploy that product are not, in general, the sites that are getting whacked
the first time their single box connects to the net.


pgp0.pgp
Description: PGP signature


Re: Anit-Virus help for all of us??????

2003-11-24 Thread Suresh Ramasubramanian
Gerardo Gregory  writes on 11/24/2003 4:20 PM:

> NAT is not a security feature, neither does it provide any real 
> security, just one to one translations.  PAT falls into the same 

It is not a cure all and I never said it was one.  It cuts the risk down 
a little, is all.

> Most broadband providers still perform a NAT translation downstream, is 
> it helping alleviate any of the attacks/compromises?  NOT!

A lot of it is because of infected hosts in a subnet searching around 
for open windows shares on IPs around it.

> I know Microsoft has a product that allows you to download patches to a 
> centralized server (within your infrastructure) and lets you patch your 
> internal systems from it.  Heard our MS admins talking about it a while 
> back

Sounds like a good thing to have around.

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


Re: Anit-Virus help for all of us??????

2003-11-24 Thread Gerardo Gregory
Suresh Ramasubramanian wrote:

> [EMAIL PROTECTED]  writes on 11/24/2003 3:43 PM:
>
> > Question: What speed access is needed to guarantee "mean time to download
> > patches" is significantly less than "mean time to probed by packet-to-0wn"
> > (significantly == 20x lower still gives a 5% chance of getting 0wned while
> > patching)?
>
> That'd have to be very fast indeed, given that only one windows update 
> mirror is used at a time, and patches are downloaded and applied in 
> sequence.
>
> Two ways to get at least some safety -
>
> # Machine behind NAT while it is being updated

NAT is not a security feature, neither does it provide any real 
security, just one to one translations.  PAT falls into the same 
category.  Just cause your broadband router (ahem, switch) vendor states 
that NAT (in reality PAT) as one of their security 'knobs' does not make 
it in any way a security feature when implemented.  Only thing that 
might benefit is IPv4 address space.

Make a NAT Translation to a workstation (nothing else) and see if you 
can still carry out some of the exploits making the rounds.

NAT and PAT do not prohibit any TCP/UDP connections to egress.

Most broadband providers still perform a NAT translation downstream, is 
it helping alleviate any of the attacks/compromises?  NOT!

> # Patches preferably downloaded onto a CD and applied offline

I know Microsoft has a product that allows you to download patches to a 
centralized server (within your infrastructure) and lets you patch your 
internal systems from it.  Heard our MS admins talking about it a while 
back



--
Gerardo A. Gregory



Re: Anit-Virus help for all of us??????

2003-11-24 Thread Steven M. Bellovin

In message <[EMAIL PROTECTED]>, Valdis.Kletni
[EMAIL PROTECTED] writes:

>
>Question: What speed access is needed to guarantee "mean time to download
>patches" is significantly less than "mean time to probed by packet-to-0wn"
>(significantly == 20x lower still gives a 5% chance of getting 0wned
>while patching)?
>

It's not just the download time, it's the install time.  I recently 
upgraded a win2k box to winxp.  Download was very fast -- my office has 
excellent connectivity.  But the patch installation took so long that I 
had to disconnect the Ethernet cable so I could go home. 


--Steve Bellovin, http://www.research.att.com/~smb




Re: Anit-Virus help for all of us??????

2003-11-24 Thread Jeff Shultz

** Reply to message from [EMAIL PROTECTED] on Mon, 24 Nov 2003
15:43:34 -0500

> On Mon, 24 Nov 2003 22:24:58 +0200, Petri Helenius said:
>
> > that windowsupdate provided with 10+ critical and 10+ other updates (the OS
> > had Service Pack 1 installed)
> >
> > The box should have been labeled "don´t connect this device to the
> > public internet".
>
> Question: What speed access is needed to guarantee "mean time to download
> patches" is significantly less than "mean time to probed by packet-to-0wn"
> (significantly == 20x lower still gives a 5% chance of getting 0wned while
> patching)?

I tend to install the freebie Zonealarm before hooking those systems up
to the Internet
Snake-Oil they may claim, but it does seem to chop the chances of my
getting wormed before getting the updates downloaded.

--
Jeff Shultz
Loose nut behind the wheel.



Re: Anit-Virus help for all of us??????

2003-11-24 Thread Suresh Ramasubramanian
[EMAIL PROTECTED]  writes on 11/24/2003 3:43 PM:

> Question: What speed access is needed to guarantee "mean time to download
> patches" is significantly less than "mean time to probed by packet-to-0wn"
> (significantly == 20x lower still gives a 5% chance of getting 0wned while
> patching)?

That'd have to be very fast indeed, given that only one windows update 
mirror is used at a time, and patches are downloaded and applied in 
sequence.

Two ways to get at least some safety -

# Machine behind NAT while it is being updated
# Patches preferably downloaded onto a CD and applied offline

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


Re: Anit-Virus help for all of us??????

2003-11-24 Thread Petri Helenius
[EMAIL PROTECTED] wrote:

> Question: What speed access is needed to guarantee "mean time to download
> patches" is significantly less than "mean time to probed by packet-to-0wn"
> (significantly == 20x lower still gives a 5% chance of getting 0wned while
> patching)?

Since windows updates are downloaded only from one server at a time,
none of those servers are connected to the public Internet at high
enough speed.

Pete




Re: Anit-Virus help for all of us??????

2003-11-24 Thread Valdis . Kletnieks
On Mon, 24 Nov 2003 22:24:58 +0200, Petri Helenius said:

> that windowsupdate provided with 10+ critical and 10+ other updates (the OS
> had Service Pack 1 installed)
> 
> The box should have been labeled "don´t connect this device to the 
> public internet".

Question: What speed access is needed to guarantee "mean time to download
patches" is significantly less than "mean time to probed by packet-to-0wn"
(significantly == 20x lower still gives a 5% chance of getting 0wned while
patching)?


pgp0.pgp
Description: PGP signature
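The question above can be put in numbers. This is an added Python sketch, not from any poster, and it assumes probes arrive as a Poisson process and that any probe reaching the unpatched box succeeds (worst case); the function names and the mean probe interval, patch size and install times are constructed. It counts install time in the exposure window as well as download time.

```python
import math
import random


def p_probed(exposure_s, mean_probe_s):
    """Chance that at least one probe arrives while the box is exposed."""
    return 1.0 - math.exp(-exposure_s / mean_probe_s)


def max_exposure(target_risk, mean_probe_s):
    """Longest unpatched time online that keeps the risk at or below target."""
    return -mean_probe_s * math.log(1.0 - target_risk)


def required_bps(patch_bytes, install_s, target_risk, mean_probe_s):
    """Link speed in bits/s needed so download + install fits the budget.

    Returns None when the install time alone already exceeds the budget,
    i.e. no access speed is fast enough and patching must happen offline
    or behind a filter.
    """
    budget = max_exposure(target_risk, mean_probe_s) - install_s
    if budget <= 0:
        return None
    return patch_bytes * 8 / budget


def simulate(exposure_s, mean_probe_s, trials=100_000, seed=1):
    """Monte Carlo check: draw the time to first probe and count early hits."""
    rng = random.Random(seed)
    hits = sum(rng.expovariate(1.0 / mean_probe_s) < exposure_s
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    mean_probe = 1200.0      # constructed: one probe every 20 minutes on average
    patches = 50_000_000     # constructed: 50 MB of updates
    # "20x lower" exposure than the mean probe interval:
    print(f"risk at 1/20 of probe interval: {p_probed(60, mean_probe):.4f}")
    print(f"simulated:                      {simulate(60, mean_probe):.4f}")
    print(f"exposure budget for 5% risk:    {max_exposure(0.05, mean_probe):.1f} s")
    for install in (30, 120):
        bps = required_bps(patches, install, 0.05, mean_probe)
        speed = "no speed is enough" if bps is None else f"{bps / 1e6:.1f} Mbit/s"
        print(f"install takes {install:3d} s -> {speed}")
```

With an exposure window one twentieth of the mean probe interval the model gives about 4.9%, matching the 5% figure in the question; once installation alone takes longer than the exposure budget, no link speed meets the target.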


RE: Anit-Virus help for all of us?????? Must have more Free!

2003-11-24 Thread Brennan_Murphy

If only free could become contagious (no pun intended) and we could
all accomplish what we need to with, for example,
free bandwidth, free server hardware, free network
engineering... free apple macintoshes :-)... Ha-ha, ho-ho, he-he.

---

All kidding aside...is "free" the answer to the current
insecurity of the Internet?  I hope not! :-) Speaking
as someone who knows at least a fraction of what's 
involved in AV/FW research... free is not likely to deliver
us any time soon. Free is almost always marketing. 
But of course, people and their pocketbooks tend to decide
how these things go...

-BM

PS http://us.mcafee.com/root/catalog.asp?catid=free  
 
...neener-neener... :)


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
McBurnett, Jim
Sent: Monday, November 24, 2003 9:29 AM
To: [EMAIL PROTECTED]
Subject: Anit-Virus help for all of us??



Thought this is on topic for the group with all the new 
virii and new problems out there.
Would anyone here consider sending this out to all customers? Later, Jim


Last week at the Comdex show in Las Vegas, Computer Associates 
International, Inc. (known to the world as CA) teamed up with 
Microsoft Corp to provide "qualified" Windows home computer 
users with a no-charge, one-year subscription to CA's eTrust 
EZ Armor antivirus and firewall desktop security suite. 
The move is designed to encourage home users to increase 
the protection of their Windows systems and CA has stated 
that the company will aggressively promote the offer as 
part of Microsoft's "Protect Your PC" campaign. 

SNIP
The EZ Armor software carries a value of $49.95 and the 
free subscription offer will be available for download 
until June 30, 2004 and comes complete with one year of 
personal firewall and antivirus protection including daily 
virus signature updates. 


http://www.it-analysis.com/article.php?articleid=11450


Re: Anit-Virus help for all of us??????

2003-11-24 Thread Petri Helenius
Sean Donelan wrote:

> If most if not all computers that are sold include antivirus + personal
> firewalls, who is selling all the computers being infected with worms,
> virus, malware?

Just got a new off the shelf PC, manufactured on 13th Nov 2003. Comes with
NAV2003 and virus definitions from late 2002 installed. This is on a model
that has been shipping for less than two months. Probably is not worth
mentioning that windowsupdate provided with 10+ critical and 10+ other
updates (the OS had Service Pack 1 installed)

The box should have been labeled "don´t connect this device to the 
public internet".

Pete




Re: Anit-Virus help for all of us??????

2003-11-24 Thread Jason LeBlanc
I tend to encourage people to use PestPatrol for the malware on windoze 
boxes.

Suresh Ramasubramanian wrote:

> Jeff Shultz  writes on 11/24/2003 1:46 PM:
>
> > Firewalls at least tend to be a bit more hands off... and I'd like to
> > hear more about the "snake oil" parts. Doesn't the 1/2wall that XP
> > ships with default to "disabled?" 
>
> Interesting reading here -
> http://groups.google.com/groups?q=vernon+schryver+snake+oil+firewall



Re: Anit-Virus help for all of us??????

2003-11-24 Thread Richard Cox

On Mon, 24 Nov 2003 10:46:26 -0800
"Jeff Shultz" <[EMAIL PROTECTED]> wrote:
| Personally I wish that there was something that we could install
| on customer machines that would absolutely and totally block the
| installation of net.net stuff, to the point of deleting any
| installation files that have been downloaded.

The latest version of Zone Alarm Pro does stop all applications from
accessing the net outbound unless specifically authorised, and it does
check the executable by checksum to make sure it hasn't been changed.

Of course, this doesn't cope with the clueless who are willing to click
on just about anything, particularly if it looks cute, but the one good
point about Zone Alarm Pro is that it requires a separate authorisation
before any executable is allowed to access an external site on Port 25.

-- 
Richard Cox



RE: Anit-Virus help for all of us??????

2003-11-24 Thread Wesley Vaux

"if you build it they will come"

Goes right along with 

"if you send it out you will support it"

Think about it. 

-Original Message-
From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 24, 2003 2:08 PM
To: Jeff Shultz
Cc: [EMAIL PROTECTED]
Subject: Re: Anit-Virus help for all of us??


Jeff Shultz  writes on 11/24/2003 1:46 PM:

> Firewalls at least tend to be a bit more hands off... and I'd like to 
> hear more about the "snake oil" parts. Doesn't the 1/2wall that XP 
> ships with default to "disabled?"

Interesting reading here -
http://groups.google.com/groups?q=vernon+schryver+snake+oil+firewall

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com
security and antispam operations


Re: Anit-Virus help for all of us??????

2003-11-24 Thread Suresh Ramasubramanian
Jeff Shultz  writes on 11/24/2003 1:46 PM:

> Firewalls at least tend to be a bit more hands off... and I'd like to
> hear more about the "snake oil" parts. Doesn't the 1/2wall that XP
> ships with default to "disabled?" 

Interesting reading here -
http://groups.google.com/groups?q=vernon+schryver+snake+oil+firewall

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


Re: Anit-Virus help for all of us??????

2003-11-24 Thread Sean Donelan

On Mon, 24 Nov 2003, Suresh Ramasubramanian wrote:
> Er... two or three obvious reasons - there might be more.
>
> # Users not updating their virus / firewall definitions, not paying for
> new definitions after their year of free definitions is done.

I've been looking at some statistics on infected users.  One of the more
interesting was "new" computer users are more likely to have infected
computers than "old" computer users.  A computer bought in the last 30
days may be almost twice as likely to be infected than a computer more
than 1 year old.




Re: Anit-Virus help for all of us??????

2003-11-24 Thread Suresh Ramasubramanian
Sean Donelan  writes on 11/24/2003 1:29 PM:

> If most if not all computers that are sold include antivirus + personal
> firewalls, who is selling all the computers being infected with worms,
> virus, malware?

Er... two or three obvious reasons - there might be more.

# Users not updating their virus / firewall definitions, not paying for 
new definitions after their year of free definitions is done.

# Users leaving open windows shares, clicking on random windows 
attachments etc

# Viruses keeping one step ahead of antivirus vendors

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


Re: Anit-Virus help for all of us??????

2003-11-24 Thread Jeff Shultz

** Reply to message from Sean Donelan <[EMAIL PROTECTED]> on Mon, 24 Nov
2003 13:29:57 -0500 (EST)

> On Mon, 24 Nov 2003, Suresh Ramasubramanian wrote:
> > Most if not all computers that are sold (branded ones at least) do come
> > with an antivirus + "personal firewall" (aka snake oil firewall, as
> > vernon schryver keeps saying on news.admin.net-abuse.email and
> > elsewhere) package, with 6 months to a year of free updates.
> 
> If most if not all computers that are sold include antivirus + personal
> firewalls, who is selling all the computers being infected with worms,
> virus, malware?

You know that the best AV program in the world isn't going to amount to
a hill of beans if the user doesn't 1. download updates, 2. run the
occasional scan [1], and 3. pay for more updates past the 1 year mark
(for those for which this is a requirement). 

Firewalls at least tend to be a bit more hands off... and I'd like to
hear more about the "snake oil" parts. Doesn't the 1/2wall that XP
ships with default to "disabled?" 

As for Malware... right now neither firewalls nor AV programs seem to
stop its installation. Personally I wish that there was something that
we could install on customer machines that would absolutely and totally
block the installation of net.net stuff, to the point of deleting any
installation files that have been downloaded. 

[1] When cleaning a customer's Nachi infected machine, I discovered
that the installed copy of NAV was completely up to date - but a system
scan hadn't been run since July 2002.

-- 
Jeff Shultz
Loose nut behind the wheel. 



Re: Anit-Virus help for all of us??????

2003-11-24 Thread Sean Donelan

On Mon, 24 Nov 2003, Suresh Ramasubramanian wrote:
> Most if not all computers that are sold (branded ones at least) do come
> with an antivirus + "personal firewall" (aka snake oil firewall, as
> vernon schryver keeps saying on news.admin.net-abuse.email and
> elsewhere) package, with 6 months to a year of free updates.

If most if not all computers that are sold include antivirus + personal
firewalls, who is selling all the computers being infected with worms,
virus, malware?





Re: Anit-Virus help for all of us??????

2003-11-24 Thread Suresh Ramasubramanian
McBurnett, Jim  writes on 11/24/2003 9:29 AM:

> Thought this is on topic for the group with all the new 
> virii and new problems out there.
> Would anyone here consider sending this out to all customers?

Most if not all computers that are sold (branded ones at least) do come 
with an antivirus + "personal firewall" (aka snake oil firewall, as 
vernon schryver keeps saying on news.admin.net-abuse.email and 
elsewhere) package, with 6 months to a year of free updates.

What, if anything, is new about this?

	srs

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations